ebay phishing hack collecting user names and password

A reader sent me a heads up on an ebay phishing hack.

Amazingly, I always thought ebay was protected against this sort of thing.

You start with item number 120110237584:

ebay01.jpg

You go to a valid listing (the URL starts with http://cgi.ebay.com/ebaymotors/ws/...):

ebay02.jpg

I've added the modesty box. The listing appears for a brief moment as your browser is redirected to this phishing page:

ebay03.jpg

Looks like ebay, but smells like phish.

The URL gives it away:

http://69.72.209.35/3/base.php?pa2=errmsg=runa....

The correct URL for the signin page is this:

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn
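The comparison between those two URLs can be done mechanically. The following is an added example, not code from the original post: `checkSignInUrl` and `TRUSTED_BASE` are hypothetical names, the rule "HTTPS on ebay.com or a subdomain" is an assumption generalised from the two eBay hosts quoted above, and the last two sample URLs are constructed lookalikes.

```javascript
// Added example: decide whether a sign-in URL really belongs to eBay.
// Assumption: legitimate sign-in pages are HTTPS on ebay.com or a subdomain.
const TRUSTED_BASE = "ebay.com";

function checkSignInUrl(raw) {
  const reasons = [];
  let u;
  try {
    u = new URL(raw);
  } catch (e) {
    return { trusted: false, host: null, reasons: ["not a parseable absolute URL"] };
  }
  // Normalise case and a trailing root dot before comparing host names.
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  if (u.protocol !== "https:") reasons.push("not https");
  // "https://signin.ebay.com@host/" puts the familiar name in the userinfo part.
  if (u.username || u.password) reasons.push("credentials embedded before the host");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    reasons.push("host is a raw IP address");
  } else if (host !== TRUSTED_BASE && !host.endsWith("." + TRUSTED_BASE)) {
    // Suffix match on ".ebay.com" so "ebay.com.example.net" does not pass.
    reasons.push("host is not under " + TRUSTED_BASE);
  }
  return { trusted: reasons.length === 0, host, reasons };
}

// The first two URLs are the ones quoted in the post (the first is truncated
// there and kept as-is); the last two are constructed lookalikes.
const samples = [
  "http://69.72.209.35/3/base.php?pa2=errmsg=runa....",
  "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn",
  "https://signin.ebay.com.example.net/ws/eBayISAPI.dll?SignIn",
  "https://signin.ebay.com@192.0.2.10/ws/eBayISAPI.dll?SignIn",
];
for (const s of samples) {
  const r = checkSignInUrl(s);
  console.log(r.trusted ? "OK    " : "REJECT", s, r.reasons.join("; "));
}
```
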

Not sure what they'll be doing with the information being phished. But then I'm not a criminal mastermind. What's really interesting here is that this is not a phishing attempt prompted by an email ("ebay requires you to login to verify your account information. Please follow this link..."). Instead, a valid ebay page has somehow been modified to immediately redirect you to a phishing page. I've never heard of an ebay page being compromised in such a way.

Makes me wonder just how many of these compromised ebay pages are directing ebay users to phishing operations.

ebay has been informed.

Update: The page has come down.

Update: I didn't know ebay allowed people to add Java to their ebay auction pages:

eBay does not permit the use of several types of HTML and JavaScript functions in member listings, Stores pages, About Me pages, or Want-It-Now ads.

Any attempts to disguise the intention or function of the source code (HTML or JavaScript) of your listing are in violation of eBay policy. This includes, but is not limited to:

  • the use of unescape functions in JavaScript
  • items that split HTML or other JavaScript tags with the express purpose of hiding the tags within the source code of the listing’s HTML or script

Users may not manipulate or edit any areas outside of the areas designated for member content.

Additionally, on the German site (eBay.de), the use of JavaScript functions is further limited. Refer to the Additional Information section below for more information.

Violations of this policy may result in a range of actions, including:

  • Listing cancellation
  • Limits on account privileges
  • Account suspension
  • Forfeit of eBay fees on cancelled listings
  • Loss of PowerSeller status

I guess we can add redirects to phishing pages to that list.

Angry in the Great White North by Steve Janke is licensed under a Creative Commons Attribution-Share Alike 2.5 Canada License. Based on a work at stevejanke.com.